Update January 21, 2011 - they exchange samples there and have active discussions. I do not post those samples here, join the group if you need them.

If you are interested in mobile malware analysis, join the Mobile Malware Group (Adam Russell is the moderator/founder and he is processing the requests).

This group is intended as a service to the mobile malware research community as well as anyone interested in starting research in this growing field. As such, we are looking for discussions on various mobile systems such as the iPhone, Android, Symbian, and other mobile platforms. Discussions should target analysis of the malware, requests for samples of malware, technical reviews of new methods, and other related material and questions. My hope is that this community can grow and provide high quality, cogent information to new and veteran researchers alike. (- Adam Russell)

Description: A mailing list for researching mobile malware. This group allows material related to new mobile malware samples, analysis, new techniques, questions pertaining to the field, and other related material. Please describe yourself in short detail when requesting to join. Thank you.

Saturday, August 28, 2010

I was planning to do something else tonight when my BlackBerry buzzed with a new message. Unfortunately, this was not the message I'd like to receive. ICQ spam is common and fairly predictable - invitations to new "cool chat rooms", offers to DDoS my competitors until they revert to using paper and pencil, or to spam every person on earth for pennies. This one offered a new 3D game called Little Tanks.

A TDL3 dropper that is able to infect x86 and x64 systems. On x64 it uses a custom boot loader stored in the MBR that loads the kernel mode code without requiring a valid digital signature. Happy reversing :).
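Since the x64 variant lives in the MBR rather than in a signed driver, the first thing to check on a suspect machine is whether the 440-byte boot code in sector 0 still matches a known-good image while the partition table is left intact. The script below is an added example written for this post, not code from the dropper or from any analysis tool; the "clean" and "infected" sectors are constructed inline (the boot stub bytes and the single NTFS partition are illustrative), and the known-good hash is taken from the constructed clean sector, so on a real disk you would supply the hash of your own golden MBR and feed it the first 512 bytes of the physical drive.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # offsets 0..439 hold the executable boot code
PTABLE_OFF = 446               # four 16-byte partition entries at 446..509
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, lba, sectors) tuples."""
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    body += b"\x00" * 6                      # disk signature + reserved bytes 440..445
    for status, ptype, lba_start, sectors in partitions:
        body += struct.pack("<B3xB3xII", status, ptype, lba_start, sectors)
    body += b"\x00" * (16 * (4 - len(partitions)))
    return body + BOOT_SIGNATURE


def parse_partitions(mbr: bytes):
    """Decode the four partition-table entries (the CHS fields are skipped)."""
    entries = []
    for i in range(4):
        raw = mbr[PTABLE_OFF + 16 * i:PTABLE_OFF + 16 * (i + 1)]
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
        entries.append({"bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def inspect_mbr(mbr: bytes, known_good_sha256: str):
    """Return a list of findings; an empty list means the sector looks untouched."""
    if len(mbr) != SECTOR:
        return ["MBR is %d bytes, expected %d" % (len(mbr), SECTOR)]
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    digest = hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()
    if digest != known_good_sha256:
        findings.append("boot code differs from known-good image (sha256 %s)" % digest)
    active = [p for p in parse_partitions(mbr) if p["bootable"]]
    if len(active) != 1:
        findings.append("expected one active partition, found %d" % len(active))
    return findings


# Constructed sample data (not taken from any real disk): a stub boot sector that
# begins with cli / xor ax,ax / mov ss,ax / mov sp,0x7c00 and one active NTFS partition.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"
PARTITIONS = [(0x80, 0x07, 2048, 204800)]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
KNOWN_GOOD_SHA256 = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()

# Same partition table, but the boot code has been swapped for a different loader
# (here only a jmp-to-self stub): the shape of change an MBR check must flag.
INFECTED_MBR = build_mbr(b"\xeb\xfe" + b"\x90" * 64, PARTITIONS)

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("modified", INFECTED_MBR)):
        print(name, inspect_mbr(sector, KNOWN_GOOD_SHA256) or "OK")
```

Note that the partition table of the modified sector parses identically to the clean one; that is exactly why hashing the whole sector is not enough and the boot code region has to be compared on its own. A replaced loader that keeps the partition table is also why the machine still boots normally after infection.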

> EUROPEAN UNION
> EUROPEAN SECURITY AND DEFENCE POLICY
> Military operation of the EU
> EU NAVFOR Somalia
>
> This military operation, called EU NAVFOR Somalia - operation "Atalanta", is launched in support of Resolutions 1814 (2008), 1816 (2008), 1838 (2008) and 1846 (2008) of the United Nations Security Council (UNSC) in order to contribute to:
> - the protection of vessels of the WFP (World Food Programme) delivering food aid to displaced persons in Somalia;
> - the protection of vulnerable vessels cruising off the Somali coast, and the deterrence, prevention and repression of acts of piracy and armed robbery off the Somali coast.
> This operation, which is the first EU maritime operation, is conducted in the framework of the European Security and Defence Policy (ESDP).
>
> More information and background documents available on
> http:// gnarus.mobi/media/EuropeanUnion_MilitaryOperations_EN. zip
> and
> http:// quimeras.com.mx/media/EuropeanUnion_MilitaryOperations_EN. zip
>
> ________________________________________
> PRESS - EU Council Secretariat Tel: +32 (0)2 281 7640 / 6319

The Obama administration's hopes that its warmer approach to Beijing would yield a more fruitful Sino-American relationship have been disappointed. Rather than adopting a more cooperative bearing, Beijing has become increasingly assertive over the past year. Recognizing the resulting detriment to U.S. interests and Asia-Pacific peace and security, the Obama administration is now pushing back. This new direction may convince Beijing to reconsider its recent assertive policies, but for now, the United States and China have entered a period of tense relations, raising the odds of a true crisis. Particularly worrisome is Chinese media coverage of this summer's quarrels, which has been nationalistic and anti-American in tone and content. Such coverage makes conflicts more difficult to resolve, as the Chinese regime cannot afford to look weak in the eyes of an incensed citizenry. Policymakers in both countries should be aware of this dynamic as they approach any additional disputes in the coming months.
Key points in this Outlook:
• The United States and China have clashed over maritime exercises, with Beijing opposed to Washington asserting its right to exercise in international waters.
• The Chinese media responded with a stream of nationalistic, anti-American reporting--portraying the United States as an imperial power.
• Despite China's confidence, there are signs of internal weakness in the People's Republic, with social unrest on the rise.
• The United States should prepare diplomatically and militarily for a potential crisis.

CVE-2009-4324_PDF_2010-08-25_02BFE34BEA55E327CFDEAD9CFF215F33_CMSIconf is interesting; check out object 16.1, containing some 948 pages on 333s. Also, according to Giuseppe Bonfa, it has an xref malformation: jump obj 25.0 -> 34.0. The purpose of the 333s in obj 16.1 is not clear, because this file will probably crash every version of Adobe Reader.
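An xref "jump" of the kind noted above (the table entry for one object landing on the header of another) is easy to confirm mechanically: follow startxref, read each in-use entry, and check that the bytes at that offset really spell "N G obj" for the same N and G. The script below is an added example written for this post, not code from the sample or from any PDF tool, and it handles only a classic xref table (no xref streams and no /Prev chains of incremental updates, which real exploit PDFs often use). The two documents it checks are constructed inline: a clean three-object file, and the same file with the entry for object 2 deliberately pointed at object 3, mirroring the 25.0 -> 34.0 jump in miniature.

```python
import re

OBJ_HEADER = re.compile(rb"\s*(\d+)\s+(\d+)\s+obj\b")
XREF_ENTRY = re.compile(rb"\s*(\d{10}) (\d{5}) ([nf])")
SUBSECTION = re.compile(rb"\s*(\d+)\s+(\d+)\s")


def parse_xref(pdf: bytes):
    """Follow the last 'startxref' to a classic xref table and return
    {object_number: (offset, generation)} for the in-use ('n') entries."""
    pos = pdf.rfind(b"startxref")
    if pos < 0:
        raise ValueError("no startxref keyword")
    m = re.match(rb"startxref\s+(\d+)", pdf[pos:])
    if not m:
        raise ValueError("startxref is not followed by an offset")
    xref_off = int(m.group(1))
    if pdf[xref_off:xref_off + 4] != b"xref":
        raise ValueError("startxref points at %r, not an xref table" % pdf[xref_off:xref_off + 4])
    cursor = xref_off + 4
    entries = {}
    while True:
        head = SUBSECTION.match(pdf, cursor)     # "first count" subsection header
        if not head:                             # reached 'trailer' (or garbage)
            break
        first, count = int(head.group(1)), int(head.group(2))
        cursor = head.end()
        for i in range(count):
            ent = XREF_ENTRY.match(pdf, cursor)
            if not ent:
                raise ValueError("truncated xref subsection at offset %d" % cursor)
            if ent.group(3) == b"n":
                entries[first + i] = (int(ent.group(1)), int(ent.group(2)))
            cursor = ent.end()
    return entries


def check_xref(pdf: bytes):
    """Report every in-use entry whose offset does not hold 'N G obj' for that N and G."""
    problems = []
    for num, (off, gen) in sorted(parse_xref(pdf).items()):
        m = OBJ_HEADER.match(pdf, off)
        if not m:
            problems.append((num, off, "no object header at offset"))
        elif (int(m.group(1)), int(m.group(2))) != (num, gen):
            problems.append((num, off, "offset holds object %d %d"
                             % (int(m.group(1)), int(m.group(2)))))
    return problems


def build_pdf(objects, tampered_offsets=None):
    """Assemble a minimal classic-xref PDF from {num: body} (numbers 1..n contiguous).
    tampered_offsets overrides xref offsets so a bad table can be produced on purpose.
    Returns (pdf_bytes, true_offsets)."""
    out = bytearray(b"%PDF-1.4\n")
    offsets = {}
    for num in sorted(objects):
        offsets[num] = len(out)
        out += b"%d 0 obj\n" % num + objects[num] + b"\nendobj\n"
    xref_off = len(out)
    size = max(objects) + 1
    out += b"xref\n0 %d\n0000000000 65535 f\r\n" % size
    for num in range(1, size):
        off = (tampered_offsets or {}).get(num, offsets[num])
        out += b"%010d 00000 n\r\n" % off          # entries are exactly 20 bytes
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (size, xref_off)
    return bytes(out), offsets


# Constructed sample documents (not the file discussed above).
OBJECTS = {
    1: b"<< /Type /Catalog /Pages 2 0 R >>",
    2: b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
    3: b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >>",
}
GOOD_PDF, GOOD_OFFSETS = build_pdf(OBJECTS)
BAD_PDF, _ = build_pdf(OBJECTS, tampered_offsets={2: GOOD_OFFSETS[3]})

if __name__ == "__main__":
    print("good:", check_xref(GOOD_PDF) or "xref consistent")
    print("bad: ", check_xref(BAD_PDF))
```

A mismatch like this is not itself an exploit, but it tells you which objects a viewer will resolve differently from what a naive "walk the xref" parser sees, so it is worth listing such objects before deciding what the file is actually doing.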

Update 2. It certainly does NOT have CVE-2010-1297. Thanks to Tyler McLeod (Vicheck.ca) and Giuseppe Bonfa (evilcry) for checking and confirmation. The presence of the j_exp function made it similar to other files exploiting CVE-2010-1297, but this one has just this piece of code without apparent reason (malware writer mistake?). It is also not clear why it is checking versions.

Update. Ok, exploitation of CVE-2010-1297 is debatable. But what is it?

Malware samples are available for download by any responsible whitehat researcher. By downloading the samples, anyone waives all rights to claim punitive, incidental and consequential damages resulting from mishandling or self-infection.